diff --git a/lib/puma/binder.rb b/lib/puma/binder.rb
index 7e44f06468..a040b6b4c9 100644
--- a/lib/puma/binder.rb
+++ b/lib/puma/binder.rb
@@ -194,7 +194,7 @@ def parse(binds, logger)
                                 MiniSSL::VERIFY_NONE
                               end
           else
-            ctx.verify_mode = MiniSSL::VERIFY_NONE
+            ctx.verify_mode = MiniSSL::VERIFY_PEER
           end
 
           if fd = @inherited_fds.delete(str)
diff --git a/lib/puma/dsl.rb b/lib/puma/dsl.rb
index ba3a750ef1..8fa3254f24 100644
--- a/lib/puma/dsl.rb
+++ b/lib/puma/dsl.rb
@@ -259,9 +259,9 @@ def threads(min, max)
     def ssl_bind(host, port, opts)
       if defined?(JRUBY_VERSION)
         keystore_additions = "keystore=#{opts[:keystore]}&keystore-pass=#{opts[:keystore_pass]}"
-        bind "ssl://#{host}:#{port}?cert=#{opts[:cert]}&key=#{opts[:key]}&#{keystore_additions}&verify_mode=#{opts[:verify_mode] || 'none'}"
+        bind "ssl://#{host}:#{port}?cert=#{opts[:cert]}&key=#{opts[:key]}&#{keystore_additions}&verify_mode=#{opts[:verify_mode] || 'peer'}"
       else
-        bind "ssl://#{host}:#{port}?cert=#{opts[:cert]}&key=#{opts[:key]}&verify_mode=#{opts[:verify_mode] || 'none'}"
+        bind "ssl://#{host}:#{port}?cert=#{opts[:cert]}&key=#{opts[:key]}&verify_mode=#{opts[:verify_mode] || 'peer'}"
       end
     end